DataLife Engine 'catlist' Parameter PHP Code Injection Vulnerability Network Vulnerability

Summary

DataLife Engine is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system other attacks are also possible. DataLife Engine 9.7 is vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the references for details.

References

http://www.securityfocus.com/bid/57603

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1412

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Directory Traversal Vulnerability
Arkeia Appliance Path Traversal Vulnerability
Apache Tomcat AJP Protocol Security Bypass Vulnerability
Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities

Take action and discover your vulnerabilities